0
我使用CRUD在线教程。不过,我已经到了更新部分,并且在GET函数和fetch_row方面遇到了一些问题。使用php和mysql更新
未定义的变量:fetched_row在C:\ XAMPP \ htdocs中\网站\ editsuppliers.php上线69是一个错误消息,并且接下来是未定义指数:editsuppliers
这是我到目前为止所。
<?php
include_once 'connect.php' ;
if(isset($_GET['editsuppliers']))
{
$sql_query="SELECT * FROM suppliers WHERE SuppliersID=".$_GET['editsuppliers'];
$result_set=mysql_query($sql_query);
$fetched_row=mysql_fetch_array($result_set);
}
if(isset($_POST['btn-update']))
{
// variables for input data
$SupplierID = $_POST['SupplierID'];
$SupplierName = $_POST['SupplierName'];
$Address = $_POST['Address'];
$EmailAddress = $_POST['EmailAddress'];
$PhoneNumber = $_POST['PhoneNumber'];
// variables for input data
// sql query for update data into database
$sql_query = "UPDATE suppliers SET SupplierID='$SupplierID',SupplierNamee='$SupplierName',Address='$Address',EmailAddress='$EmailAddress',PhoneNumber'$PhoneNumber' WHERE SupplierID=".$_GET['editsuppliers'];
// sql query for update data into database
// sql query execution function
if(mysql_query($sql_query))
{
?>
<script type="text/javascript">
alert('Data Updated Successfully');
window.location.href='suppliers.php';
</script>
<?php
}
else
{
?>
<script type="text/javascript">
alert('error occured while updating data');
</script>
<?php
}
// sql query execution function
}
if(isset($_POST['btn-cancel']))
{
header("Location: suppliers.php");
}
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Edit Suppliers</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
<center>
<div id="header">
<div id="content">
<label</label>
</div>
</div>
<div id="body">
<div id="content">
<form method="post">
<table align="center">
<tr>
<td><input type="text" name="SupplierID" placeholder="Supplier ID" value="<?php echo $fetched_row['SupplierID']; ?>" required /></td>
</tr>
<tr>
<td><input type="text" name="SupplierName" placeholder="Supplier Name" value="<?php echo $fetched_row['SupplierName']; ?>" required /></td>
</tr>
<tr>
<td><input type="text" name="Address" placeholder="Address" value="<?php echo $fetched_row['Address']; ?>" required /></td>
</tr>
<tr>
<td><input type="text" name="EmailAddress" placeholder="Email Address" value="<?php echo $fetched_row['EmailAddress']; ?>" required /></td>
</tr>
<tr>
<td><input type="text" name="PhoneNumber" placeholder="Phone Number" value="<?php echo $fetched_row['PhoneNumber']; ?>" required /></td>
</tr>
<tr>
<td>
<button type="submit" name="btn-update"><strong>UPDATE</strong></button>
<button type="submit" name="btn-cancel"><strong>Cancel</strong></button>
</td>
</tr>
</table>
</form>
</div>
</div>
</center>
</body>
</html>
首先,因为mysql_ *在PHP 5.5中被弃用(请参考[PHP doc](http://php.net/manual/en/function.mysql-connect.php)),你应该真的** **考虑使用[PPS:Prepared Parameterized Statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php)。这将有助于[预防SQL注入](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – OldPadawan
请使用'error_reporting(E_ALL); ini_set('display_errors',1);'在你的页面顶部并且在你需要使用它们之前echo'$ _GET'和'$ _POST' vars,查看返回的内容(缺少其他东西?)我很漂亮确保'$ sql_query =“选择*从供应商那里供应商= =。$ _ GET ['editsuppliers'];'会让你陷入麻烦...... – OldPadawan
[Little Bobby](http://bobby-tables.com/)说[你的脚本处于SQL注入攻击风险](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)。了解[MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php)的[准备语句](http://en.wikipedia.org/wiki/Prepared_statement)。即使[转义字符串](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string)是不安全的。 – junkfoodjunkie